Virus and Spyware Removal Guides, uninstall instructions

What is SimpleGuideSearch?

Like most adware-type applications, SimpleGuideSearch generates revenue for its developers by serving various online advertisements. In fact, this app also functions as a browser hijacker (it promotes a fake search engine by changing certain browser settings).

Research shows that SimpleGuideSearch is distributed through a fake, deceptive Adobe Flash Player installer.

What is the Movies Searcher browser hijacker?

Movies Searcher is dubious software classified as a browser hijacker. Following successful installation, it operates by making modifications to browser settings to promote movies-searcher.com (a fake search engine). Most browser hijackers monitor users' browsing activity, and it is highly likely that this is the case with Movies Searcher.

Due to the dubious techniques used to proliferate Movies Searcher, it is classified as a Potentially Unwanted Application (PUA).

What is Cinobi?

Cinobi is Trojan-type malware capable of stealing banking credentials (and is hence classified as a banking Trojan). Research shows that cyber criminals target mostly clients of Japanese banks, however, they might also target those of other banks. If you believe that this banking Trojan might be installed on the operating system, remove it immediately.

What is the Maps-N-Directions browser hijacker?

As the name implies, Maps-N-Directions is rogue software endorsed as a tool for easy access to various maps and routes. It operates by making changes to browser settings to promote hmapsndirections.co (a fake search engine) and is therefore categorized as a browser hijacker.

Additionally, this app monitors users' browsing habits. Since most people download/install Maps-N-Directions unintentionally, it is classified as a Potentially Unwanted Application (PUA).

What is message-inbox[.]icu?

message-inbox[.]icu is an untrusted website, which either loads dubious content or opens other web pages of this kind. Users do not often visit pages such as message-inbox[.]icu intentionally. In most cases, these addresses are opened by potentially unwanted applications (PUAs) that are installed on browsers and/or computers.

Some examples of other pages similar to message-inbox[.]icu are broindifferd[.]club, check-you-robot[.]site and onlybestpushnews[.]com.

What is the Nefartanulo rasomware?

Discovered by Karsten Hahn, Nefartanulo is a malicious program classified as ransomware. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".nefartanulo@protonmail.com" extension (which consists of the cyber criminals' email address).

For example, a file originally named something like "1.jpg" would appear as "1.jpg.nefartanulo@protonmail.com" following encryption. After this process is complete, ransom messages within "HOW_TO_RECOVER_ENCRYPTED_FILES.txt" files are dropped into compromised folders.

There is evidence suggesting that Nefartanulo could be based on the Hidden Tear open-source project.

What is Breaking News Now?

Breaking News Now is a typical browser hijacker. After installation, it assigns certain browser settings to breakingnewsnowtab.com (the address of a fake search engine).

Note that apps of this type often gather data. Users often download and install browser hijackers unintentionally and, for this reason, they are classified as potentially unwanted applications (PUAs).

What is Zorab2?

Zorab2 is a new variant of ZORAB ransomware. This variant renames encrypted files by appending the ".zorab2" extension. For example, it would rename a file called "1.jpg" to "1.jpg.zorab2", "2.jpg" to "2.jpg.zorab2", and so on. It also creates the "--DECRYPT--ZORAB.txt" and "--DECRYPT--ZORAB.vbs" files in all folders containing encrypted files.

The first contains a ransom message, whilst the second is an audio recording of the message.

What is the Find New Coupons browser hijacker?

Find New Coupons is rogue software endorsed as a tool for easy access to various popular coupons. In fact, it operates by making modifications to browser settings to promote hfindnewcoupons.com (a fake search engine). Due to this, it is classified as a browser hijacker.

Find New Coupons has data tracking capabilities, which are used to gather information relating to browsing activity. Since most users install Find New Coupons inadvertently, it is also classified as a Potentially Unwanted Application (PUA).

What is BestPDFSearch?

BestPDFSearch is a browser hijacker which changes certain browser settings to bestpdfsearch.com, the address of a fake search engine. Apps of this type often collect details relating to users' browsing habits (browsing data).

Commonly, people download and install browser hijackers inadvertently and, for this reason, they are classified as potentially unwanted applications (PUAs).